users@glassfish.java.net

SSL Hostname Validation - Possible to override?

From: <glassfish_at_javadesktop.org>
Date: Thu, 12 Feb 2009 17:10:43 PST

Here's the problem:

I have a webservice. It appears as a Servlet under the default Glassfish domain (domain1) as part of a larger web application. I am writing another web application (that will run on the same domain) in order to test this webservice.

The webservice is secured by SSL/HTTPS. The certificate is the default Glassfish certificate (for testing purposes only! It will be changed later on).

I generated the code for this webservice from an existing WSDL file - it all works fine.

Now, there's the thing: When I use the client class wsimport generated, I was initially getting an exception (I forget what, exactly) that basically boiled down to the fact that I was passing an unexpected URL for the WSDL - I had thought that I could pass in a URL of the form [i]https://localhost:8181/ws_app/webservicepath?wsdl[/i]

However, I was wrong - it needed the hostname: [i]https://hostname:8181/ws_app/webservicepath?wsdl[/i]. Changed it to that and everything worked as expected.

For reference, the relevant lines of code is like so (fix included - previously hostname would have been hardcoded to localhost):

InetAddress address = InetAddress.getLocalHost();
hostname = address.getHostName();

WebServiceInterface wsi = new WebServiceInterface(new URL("https://" + hostname + ":8181/ws_app/WebserviceNameService?wsdl"), new QName(
                                "urn:B2C:Customer:Webservicev1.0", "WebServiceInterface"));

The relevant section of the WebServiceInterface class looks like so:

import javax.xml.ws.Service;

public class WebServiceInterface
    extends Service
{

public WebServiceInterface(URL wsdlLocation, QName serviceName) {
        super(wsdlLocation, serviceName);
    }
}

What I would like is to be able to use any of the hostname, localhost, or 127.0.0.1 in the URL for the WSDL - the first thing that comes to mind is simply overriding whatever authenticates the hostname. It may also be the case that I need to allow both the hostname or the IP of the server. I'm not sure exactly what I'll need to do yet.

However, if there is a better option, I'd be glad to investigate it.

I also understand that things are probably this way for a good reason, but I still need to understand how to change it as I may not be in a position where I can say "I don't think that's a good idea...". Alternatively, this may turn out to be a non-issue.

Thanks for any help you can give, folks.

- ipsi
[Message sent by forum member 'ipsi' (ipsi)]

http://forums.java.net/jive/thread.jspa?messageID=331710
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.